RubyGems - authorized_rails_scaffolds - Versions diffs - 0.0.8 → 0.0.9 - Mend

authorized_rails_scaffolds 0.0.8 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

data/lib/authorized_rails_scaffolds/helper.rb CHANGED Viewed

@@ -8,6 +8,7 @@ module AuthorizedRailsScaffolds
       @plural_var_name = options[:plural_var_name] || @var_name.pluralize # Pluralized non-namespaced variable name
       # Determine namespace prefix i.e awesome
       @namespace_prefix = options[:namespace_prefix] || options[:singular_table_name][0..-(@var_name.length + 2)]
+      @controller_prefix = options[:controller_prefix] || options[:class_name].split('::')[0..-2].join('::')
       # Determine Parent Prefix i.e. user_company
       parent_prefix = AuthorizedRailsScaffolds.parent_models.collect{ |x| x.underscore }.join('_')
@@ -24,6 +25,11 @@ module AuthorizedRailsScaffolds
       @single_path_prefix = "#{@route_prefix}#{var_name}"
     end
+    # Prefix for Controllers (i.e. Admin::)
+    def ns_controller_prefix
+      "#{@controller_prefix}::" unless @controller_prefix.blank?
+    end
     # Non-namespaced class name (i.e. FooBar)
     def local_class_name
       @local_class_name

data/lib/authorized_rails_scaffolds/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthorizedRailsScaffolds
-  VERSION = "0.0.8"
+  VERSION = "0.0.9"
 end

data/lib/generators/authorized_rails_scaffolds/install_macros/templates/devise_can_can/USAGE CHANGED Viewed

@@ -3,5 +3,5 @@
 #
 RSpec.configure do |config|
   config.include Devise::TestHelpers, :type => :controller
-  config.extend DeviseCanCanControllerMacros, :type => :controller
+  config.include DeviseCanCanControllerMacros, :type => :controller
 end

data/lib/generators/authorized_rails_scaffolds/install_macros/templates/devise_can_can/controller_macros.rb CHANGED Viewed

@@ -1,25 +1,44 @@
 module DeviseCanCanControllerMacros
-  def login_unauthorized_user
-    before(:each) do
-      @ability = Object.new
-      @ability.extend(CanCan::Ability)
-      @controller.stubs(:current_ability).returns(@ability)
-      @request.env["devise.mapping"] = Devise.mappings[:user]
-      @logged_in_user = FactoryGirl.create(:user)
-      sign_in @logged_in_user
+  module ClassMethods
+    def grant_ability(action, subject)
+      before(:each) do
+        stub_ability.can action, subject
+      end
+    end
+    def login_unauthorized_user
+      before(:each) do
+        stub_ability
+        @request.env["devise.mapping"] = Devise.mappings[:user]
+        @logged_in_user = FactoryGirl.create(:user)
+        sign_in @logged_in_user
+      end
+    end
+    def login_user_with_ability(action, subject)
+      before(:each) do
+        stub_ability.can action, subject
+        @request.env["devise.mapping"] = Devise.mappings[:user]
+        @logged_in_user = FactoryGirl.create(:user)
+        sign_in @logged_in_user
+      end
     end
   end
-  def login_user_with_ability(action, subject)
-    before(:each) do
+  def self.included(controller_spec)
+    controller_spec.extend(ClassMethods)
+  end
+  def stub_ability
+    unless @ability
       @ability = Object.new
       @ability.extend(CanCan::Ability)
-      @ability.can action, subject
       @controller.stubs(:current_ability).returns(@ability)
-      @request.env["devise.mapping"] = Devise.mappings[:user]
-      @logged_in_user = FactoryGirl.create(:user)
-      sign_in @logged_in_user
     end
+    @ability
   end
 end

data/lib/generators/authorized_rails_scaffolds/install_templates/templates/scaffold/controller.rb CHANGED Viewed

@@ -19,9 +19,9 @@ orm_instance = Rails::Generators::ActiveModel.new var_name
 -%>
 <% module_namespacing do -%>
-class <%= controller_class_name %>Controller < ApplicationController
+class <%= controller_class_name %>Controller < <%= t_helper.ns_controller_prefix %>ApplicationController
   <%- AuthorizedRailsScaffolds.parent_models.each_with_index do |model, model_index| -%>
-  load_resource :<%= model.underscore %><% if model_index > 0 %>, :through => :<%= AuthorizedRailsScaffolds.parent_models[model_index - 1].underscore %><% end %>
+  load_and_authorize_resource :<%= model.underscore %><% if model_index > 0 %>, :through => :<%= AuthorizedRailsScaffolds.parent_models[model_index - 1].underscore %><% end %>
   <%- end -%>
   load_and_authorize_resource :<%= var_name%><% if AuthorizedRailsScaffolds.parent_models.any? %>, :through => :<%= AuthorizedRailsScaffolds.parent_models.last.underscore %><% end %>

data/lib/generators/authorized_rails_scaffolds/install_templates/templates/spec/controller_spec.rb CHANGED Viewed

@@ -57,39 +57,45 @@ describe <%= controller_class_name %>Controller do
 <%- end -%>
 <% unless options[:singleton] -%>
   describe "GET index" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :index, {<%= t_helper.index_action_params_prefix %>}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :index, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :index, {<%= t_helper.index_action_params_prefix %>}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :index, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should redirect_to(root_url) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(root_url) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with read ability' do
-      login_user_with_ability :read, <%= local_class_name %>
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :index, {<%= t_helper.index_action_params_prefix %>}
-        end
-        it { should respond_with(:success) }
-        it { should render_template(:index) }
-        it { should render_with_layout(:application) }
-        it "assigns all <%= plural_var_name %> as @<%= plural_var_name %>" do
-          assigns(:<%= plural_var_name %>).should eq([@<%= var_name %>])
+      context 'as user with read ability' do
+        login_user_with_ability :read, <%= local_class_name %>
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :index, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should respond_with(:success) }
+          it { should render_template(:index) }
+          it { should render_with_layout(:application) }
+          it "assigns all <%= plural_var_name %> as @<%= plural_var_name %>" do
+            assigns(:<%= plural_var_name %>).should eq([@<%= var_name %>])
+          end
         end
       end
     end
@@ -97,279 +103,319 @@ describe <%= controller_class_name %>Controller do
 <% end -%>
   describe "GET show" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+        grant_ability :read, <%= model.classify %>
+        <%- end -%>
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with read ability' do
-      login_user_with_ability :read, <%= local_class_name %>
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
-        end
-        it { should respond_with(:success) }
-        it { should render_template(:show) }
-        it { should render_with_layout(:application) }
-        it "assigns the requested <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+      context 'as user with read ability' do
+        login_user_with_ability :read, <%= local_class_name %>
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :show, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should respond_with(:success) }
+          it { should render_template(:show) }
+          it { should render_with_layout(:application) }
+          it "assigns the requested <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+          end
         end
       end
     end
   end
   describe "GET new" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          get :new, {<%= t_helper.index_action_params_prefix %>}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid request' do
+          before(:each) do
+            get :new, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe 'with valid request' do
-        before(:each) do
-          get :new, {<%= t_helper.index_action_params_prefix %>}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe 'with valid request' do
+          before(:each) do
+            get :new, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with create ability' do
-      login_user_with_ability :create, <%= local_class_name %>
-      describe 'with valid request' do
-        before(:each) do
-          get :new, {<%= t_helper.index_action_params_prefix %>}
-        end
-        it { should respond_with(:success) }
-        it { should render_template(:new) }
-        it { should render_with_layout(:application) }
-        it "assigns a new <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should be_a_new(<%= local_class_name %>)
+      context 'as user with create ability' do
+        login_user_with_ability :create, <%= local_class_name %>
+        describe 'with valid request' do
+          before(:each) do
+            get :new, {<%= t_helper.index_action_params_prefix %>}
+          end
+          it { should respond_with(:success) }
+          it { should render_template(:new) }
+          it { should render_with_layout(:application) }
+          it "assigns a new <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should be_a_new(<%= local_class_name %>)
+          end
         end
       end
     end
   end
   describe "GET edit" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with update ability' do
-      login_user_with_ability :update, <%= local_class_name %>
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
-        end
-        it { should respond_with(:success) }
-        it { should render_template(:edit) }
-        it { should render_with_layout(:application) }
-        it "assigns the requested <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+      context 'as user with update ability' do
+        login_user_with_ability :update, <%= local_class_name %>
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            get :edit, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should respond_with(:success) }
+          it { should render_template(:edit) }
+          it { should render_with_layout(:application) }
+          it "assigns the requested <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+          end
         end
       end
     end
   end
   describe "POST create" do
-    context 'without a user' do
-      describe 'with valid params' do
-        before(:each) do
-          post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
-        end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
-      end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe "with valid params" do
-        before(:each) do
-          post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
-        end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
-      end
-    end
-    context 'as user with create ability' do
-      login_user_with_ability :create, <%= local_class_name %>
-      describe "with valid params" do
-        it "creates a new <%= local_class_name %>" do
-          expect {
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid params' do
+          before(:each) do
             post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
-          }.to change(<%= local_class_name %>, :count).by(1)
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
       end
-      describe 'with valid params' do
-        before(:each) do
-          post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
-        end
-        it "assigns a newly created <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should be_a(<%= local_class_name %>)
-          assigns(:<%= var_name %>).should be_persisted
-        end
-        it "redirects to the created <%= var_name %>" do
-          response.should redirect_to(<%= t_helper.controller_show_route "#{local_class_name}.last" %>)
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe "with valid params" do
+          before(:each) do
+            post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
       end
-      describe "with invalid params" do
-        before(:each) do
-          # Trigger the behavior that occurs when invalid params are submitted
-          <%= local_class_name %>.any_instance.stub(:save).and_return(false)
-          post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => <%= formatted_hash(example_invalid_attributes) %>}
-        end
-        it { should render_template(:new) }
-        it { should render_with_layout(:application) }
-        it "assigns a newly created but unsaved <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should be_a_new(<%= local_class_name %>)
+      context 'as user with create ability' do
+        login_user_with_ability :create, <%= local_class_name %>
+        describe "with valid params" do
+          it "creates a new <%= local_class_name %>" do
+            expect {
+              post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
+            }.to change(<%= local_class_name %>, :count).by(1)
+          end
+        end
+        describe 'with valid params' do
+          before(:each) do
+            post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => valid_create_attributes}
+          end
+          it "assigns a newly created <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should be_a(<%= local_class_name %>)
+            assigns(:<%= var_name %>).should be_persisted
+          end
+          it "redirects to the created <%= var_name %>" do
+            response.should redirect_to(<%= t_helper.controller_show_route "#{local_class_name}.last" %>)
+          end
+        end
+        describe "with invalid params" do
+          before(:each) do
+            # Trigger the behavior that occurs when invalid params are submitted
+            <%= local_class_name %>.any_instance.stub(:save).and_return(false)
+            post :create, {<%= t_helper.action_params_prefix %>:<%= var_name %> => <%= formatted_hash(example_invalid_attributes) %>}
+          end
+          it { should render_template(:new) }
+          it { should render_with_layout(:application) }
+          it "assigns a newly created but unsaved <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should be_a_new(<%= local_class_name %>)
+          end
         end
       end
     end
   end
   describe "PUT update" do
-    context 'without a user' do
-      describe 'with valid params' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
-        end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
-      end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe "with valid params" do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
-        end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
-      end
-    end
-    context 'as user with update ability' do
-      login_user_with_ability :update, <%= local_class_name %>
-      describe "with valid params" do
-        it "updates the requested <%= var_name %>" do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          # Assuming there are no other <%= var_name %> in the database, this
-          # specifies that the <%= local_class_name %> created on the previous line
-          # receives the :update_attributes message with whatever params are
-          # submitted in the request.
-          <%- if Rails.version >= '4' -%>
-          <%= local_class_name %>.any_instance.should_receive(:update).with(<%= formatted_hash(example_params_for_update) %>)
-          <%- else -%>
-          <%= local_class_name %>.any_instance.should_receive(:update_attributes).with(<%= formatted_hash(example_params_for_update) %>)
-          <%- end -%>
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => <%= formatted_hash(example_params_for_update) %>}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid params' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
       end
-      describe "with valid params" do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
-        end
-        it "assigns the requested <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should eq(@<%= var_name %>)
-        end
-        it "redirects to the <%= var_name %>" do
-          response.should redirect_to(<%= t_helper.controller_show_route "@#{var_name}" %>)
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe "with valid params" do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
       end
-      describe "with invalid params" do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          # Trigger the behavior that occurs when invalid params are submitted
-          <%= local_class_name %>.any_instance.stub(:save).and_return(false)
-          put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => <%= formatted_hash(example_invalid_attributes) %>}
-        end
-        it { should render_template(:edit) }
-        it { should render_with_layout(:application) }
-        it "assigns the <%= var_name %> as @<%= var_name %>" do
-          assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+      context 'as user with update ability' do
+        login_user_with_ability :update, <%= local_class_name %>
+        describe "with valid params" do
+          it "updates the requested <%= var_name %>" do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            # Assuming there are no other <%= var_name %> in the database, this
+            # specifies that the <%= local_class_name %> created on the previous line
+            # receives the :update_attributes message with whatever params are
+            # submitted in the request.
+            <%- if Rails.version >= '4' -%>
+            <%= local_class_name %>.any_instance.should_receive(:update).with(<%= formatted_hash(example_params_for_update) %>)
+            <%- else -%>
+            <%= local_class_name %>.any_instance.should_receive(:update_attributes).with(<%= formatted_hash(example_params_for_update) %>)
+            <%- end -%>
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => <%= formatted_hash(example_params_for_update) %>}
+          end
+        end
+        describe "with valid params" do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => valid_update_attributes}
+          end
+          it "assigns the requested <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+          end
+          it "redirects to the <%= var_name %>" do
+            response.should redirect_to(<%= t_helper.controller_show_route "@#{var_name}" %>)
+          end
+        end
+        describe "with invalid params" do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            # Trigger the behavior that occurs when invalid params are submitted
+            <%= local_class_name %>.any_instance.stub(:save).and_return(false)
+            put :update, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param, :<%= var_name %> => <%= formatted_hash(example_invalid_attributes) %>}
+          end
+          it { should render_template(:edit) }
+          it { should render_with_layout(:application) }
+          it "assigns the <%= var_name %> as @<%= var_name %>" do
+            assigns(:<%= var_name %>).should eq(@<%= var_name %>)
+          end
         end
       end
     end
   end
   describe "DELETE destroy" do
-    context 'without a user' do
-      describe 'with valid request' do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+    context do # Within default nesting
+      <%- AuthorizedRailsScaffolds.parent_models.each do |model| -%>
+      grant_ability :read, <%= model.classify %>
+      <%- end -%>
+      context 'without a user' do
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(new_user_session_path) }
+          it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
         end
-        it { should redirect_to(new_user_session_path) }
-        it { should set_the_flash[:alert].to("You need to sign in or sign up before continuing.") }
       end
-    end
-    context 'as an unauthorized user' do
-      login_unauthorized_user
-      describe "with valid request" do
-        before(:each) do
-          @<%= var_name %> = <%= t_helper.create_factory_model %>
-          delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+      context 'as an unauthorized user' do
+        login_unauthorized_user
+        describe "with valid request" do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it { should redirect_to(<%= t_helper.controller_index_route %>) }
+          it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
         end
-        it { should redirect_to(<%= t_helper.controller_index_route %>) }
-        it { should set_the_flash[:alert].to("You are not authorized to access this page.") }
       end
-    end
-    context 'as user with destroy ability' do
-      login_user_with_ability :destroy, <%= local_class_name %>
-      it "destroys the requested <%= var_name %>" do
-        @<%= var_name %> = <%= t_helper.create_factory_model %>
-        expect {
-          delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
-        }.to change(<%= local_class_name %>, :count).by(-1)
-      end
-      describe 'with valid request' do
-        before(:each) do
+      context 'as user with destroy ability' do
+        login_user_with_ability :destroy, <%= local_class_name %>
+        it "destroys the requested <%= var_name %>" do
           @<%= var_name %> = <%= t_helper.create_factory_model %>
-          delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
-        end
-        it "redirects to the <%= var_name %> list" do
-          response.should redirect_to(<%= t_helper.controller_index_route %>)
+          expect {
+            delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          }.to change(<%= local_class_name %>, :count).by(-1)
+        end
+        describe 'with valid request' do
+          before(:each) do
+            @<%= var_name %> = <%= t_helper.create_factory_model %>
+            delete :destroy, {<%= t_helper.action_params_prefix %>:id => @<%= var_name %>.to_param}
+          end
+          it "redirects to the <%= var_name %> list" do
+            response.should redirect_to(<%= t_helper.controller_index_route %>)
+          end
         end
       end
     end